[Pkg-openldap-devel] Bug#696207: Bug#696207: ldapsearch sets Kerberos principle incorrectly over IPv6
Brian May
brian at microcomaustralia.com.au
Tue Dec 18 04:30:22 UTC 2012
On 18 December 2012 15:23, Russ Allbery <rra at debian.org> wrote:
> If you add:
>
> rdns = false
>
> to the [libdefaults] section of your /etc/krb5.conf, does it then work
> with MIT? (I'm not sure what the corresponding Heimdal setting; a quick
> man page check didn't reveal it.)
>
No change.
> I think this is your GSS-API library being excessively helpful and
> canonicalizing the host identity with DNS for you, and then getting
> confused by whatever nsswitch is returning. This isn't really under the
> control of the application; the GSS-API library will do this under the
> hood.
>
Like I said, same result both from Heimdal and MIT. Is it possible
both independent implementations made exactly the same mistake?
--
Brian May <brian at microcomaustralia.com.au>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/pkg-openldap-devel/attachments/20121218/6134c4b5/attachment.html>
More information about the Pkg-openldap-devel
mailing list